As is generally known, public-key cryptography uses key pairs, each of which consists of a public key that may be publicly distributed and a corresponding private key that is held privately by the owner of the key pair. Public-key cryptography techniques include using the public key to verify that a digitally signed message originated with the holder of the corresponding private key, and/or using the public key to encrypt messages such that they can be decrypted only by the holder of the corresponding private key. Digital certificates (sometimes also referred to as “public key certificates”) are used to verify that a particular public key belongs to a certain entity: a trusted issuer signs a statement binding the public key to the entity's name, and a relying party checks that signature before trusting the key. One example of a digital certificate is defined by the X.509 standard, which specifies formats for digital certificates and for certificate revocation lists (CRLs). X.509 digital certificates are typically issued by a Certificate Authority (CA). Another example of a digital certificate is an “identity certificate” that may be provided by a trusted third party (a “trusted peer”) through a web of trust, as defined in the Pretty Good Privacy (PGP) data encryption and decryption system.
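The two checks described above (that a certificate chains to a trusted issuer and names the expected entity, and that a signature verifies under the public key carried in that certificate) are shown below in an added Go example that uses only the standard library; it is not code from the original text. The CA names, the host name "server.example" and the message are hypothetical, and the keys are generated on the fly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity pairs an X.509 certificate with the private key matching its public key.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue generates a fresh key pair for tmpl and has issuer sign the certificate;
// a nil issuer means the certificate is self-signed (the root of a chain).
func issue(tmpl *x509.Certificate, issuer *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Cert: cert, Key: key}, nil
}

// NewCA builds a self-signed CA certificate allowed to sign certificates and CRLs.
func NewCA(name string) (*Identity, error) {
	return issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil)
}

// Issue has the CA certify that host holds the public key of a new key pair.
func (ca *Identity) Issue(host string) (*Identity, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca)
}

// Verify checks that leaf chains to root, is within its validity period, and names host.
func Verify(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// Sign produces an ECDSA signature over SHA-256(msg) with the holder's private key.
func Sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifySig checks sig over msg using only the public key carried in cert.
func VerifySig(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	ca, _ := NewCA("Example Root CA") // hypothetical names throughout
	rogue, _ := NewCA("Rogue CA")
	leaf, _ := ca.Issue("server.example")
	fmt.Println("chains to CA:  ", Verify(leaf.Cert, ca.Cert, "server.example") == nil)
	fmt.Println("wrong host:    ", Verify(leaf.Cert, ca.Cert, "other.example") == nil)
	fmt.Println("rogue CA:      ", Verify(leaf.Cert, rogue.Cert, "server.example") == nil)
	sig, _ := Sign(leaf.Key, []byte("hello"))
	fmt.Println("holder's sig:  ", VerifySig(leaf.Cert, []byte("hello"), sig))
	fmt.Println("tampered msg:  ", VerifySig(leaf.Cert, []byte("hellp"), sig))
}
```

The negative cases matter as much as the positive one: a certificate from an unknown CA, a certificate for a different name, or a signature that does not verify under the certified public key must each be rejected, since accepting any of them lets an attacker impersonate the entity the certificate is supposed to identify.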
Many secure communication protocols use public-key cryptography, and accordingly require digital certificates. Examples of protocols that use public-key cryptography include Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS), Secure Shell (SSH), Secure/Multipurpose Internet Mail Extensions (S/MIME), PGP, and Internet Key Exchange (IKE).
As more and more network services rely on secure communications provided by protocols that use public-key cryptography, the number of digital certificates that must be stored and managed on the computerized platforms that provide and/or use those services has increased accordingly. Effective management of the digital certificates and related certificate revocation lists maintained within a computerized platform is crucial to preventing interruption of such network services; for example, a certificate that expires or is revoked without being replaced in time causes peers to reject the connections it was meant to protect.